Here is the selection of major cyberattacks discovered over the past week.
Below you will find direct links to the most interesting articles. For the record, this watch is prepared with a real, non-artificial brain, so enjoy the read and thank you for supporting Le Décodeur!
This week's selected news
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday
CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday.
China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns
China-sponsored attacks likened to "placing bombs in water treatment facilities, and power plants". Is it just me, or does this sound like the plot of a Mission Impossible movie?
Iranian hackers breached Albania’s Institute of Statistics (INSTAT)
Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a sophisticated cyberattack that affected some of its systems.
Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware
Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader.
Caritas-Klinik Dominikus: Next hospital battles ransomware
Criminals are attacking the IT of the Caritas-Klinik Dominikus in Berlin. Over the weekend, a ransomware attack hit the clinics in Middle Franconia.
Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes Lost
The Main Intelligence Directorate of the Ministry of Defense of Ukraine has claimed a cyber attack on critical Russian infrastructure.
Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack
Ripple CEO Brad Garlinghouse has confirmed that the XRP wallet belonging to Ripple’s co-founder, Chris Larsen, was indeed hacked.
Anonymous Sudan Claims DDOS Attacks on UAE’s Flydubai Airline
Anonymous Sudan, the pro-Palestinian hacktivist group, has taken credit for a series of DDoS attacks on Flydubai, a UAE government-owned airline.
Cloudflare Hacked After State Actor Leverages Okta Breach
The aftermath of the 2023 Okta breach continues to unfold, with Cloudflare disclosing the details of its security compromise.
Johnson Controls Ransomware Cleanup Costs Top $27M & Counting
JCI’s latest SEC filing notes that its smart-factory installations weren’t compromised, allaying physical security fears.
South African Railways Lost Over $1M in Phishing Scam
More than half of the stolen funds have been recovered.
Cyberattack disrupts IT systems in Fulton County, Georgia | StateScoop
A cyberattack has disrupted digital operations across various functions of the Fulton County, Georgia, government, which contains parts of Atlanta.
U.S. government sanctions Iranian officials over Pennsylvania water facility hack
The Iranian attack targeted a device manufactured by an Israeli company.
Energy giant Schneider Electric hit by Cactus ransomware attack
Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.
FBI disrupts Chinese botnet by wiping malware from infected routers
The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure.
Lurie Children’s Hospital took systems offline after cyberattack
Lurie Children’s Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances.
AnyDesk says hackers breached its production servers, reset passwords
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company’s production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
Kansas City public transportation authority hit by ransomware
The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23.